Rotary dial authenticates sudo commands

[W1ndman] won’t win any security awards for this build, but it’s an interesting idea. On many Linux-based systems, commands can be run with administrator privileges by prefacing them with the keyword ‘sudo’. Normally you’d be asked for a password, but [W1ndman] used Pluggable Authentication Modules (PAM) to authenticate via his own shell script instead. That script checks a code entered on this rotary dial. An Arduino listens for each digit as it is dialed and then sends the code over USB for comparison with a stored file. We’re not sure if that stored code is in a plain file or is otherwise protected, but at the very least this prevents you from using ‘sudo’ willy-nilly.
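The open question above is how the stored code is protected. As an added example (not [W1ndman]'s script), this is one way a helper could check the dialed code against a salted hash kept in an owner-only file. It assumes the helper is called through pam_exec; the device path, file path and "salt:hash" line format are also assumptions.

```shell
#!/bin/sh
# Added example. Hypothetical wiring in /etc/pam.d/sudo (assumes pam_exec):
#   auth required pam_exec.so quiet /usr/local/sbin/dial-auth --pam
DIAL_DEV=${DIAL_DEV:-/dev/ttyACM0}        # assumed Arduino serial device
CODE_FILE=${CODE_FILE:-/etc/dial-auth}    # assumed path; one line "salt:sha256hex"

# hash_code SALT CODE -> hex SHA-256 of "SALT:CODE"
hash_code() {
    printf '%s:%s' "$1" "$2" | sha256sum | cut -d' ' -f1
}

# verify_code FILE CODE -> 0 only if CODE matches the stored hash
verify_code() {
    file=$1 code=$2
    # Reject empty or non-numeric input before it reaches any other command.
    case "$code" in ''|*[!0-9]*) return 1 ;; esac
    # The code file must be a regular file, not a symlink.
    [ -f "$file" ] && [ ! -L "$file" ] || return 1
    # A short dial code is trivially brute-forced offline from its hash, so
    # the file mode is the real protection: no group/other bits allowed.
    mode=$(stat -c '%a' "$file") || return 1     # GNU stat
    case "$mode" in *00) ;; *) return 1 ;; esac
    IFS=: read -r salt want < "$file" || return 1
    [ -n "$salt" ] && [ -n "$want" ] || return 1
    [ "$(hash_code "$salt" "$code")" = "$want" ]
}

main() {
    # Assumes the Arduino sends the dialed digits as one newline-terminated line.
    code=$(timeout 30 head -n 1 "$DIAL_DEV" | tr -d '\r\n') || exit 1
    verify_code "$CODE_FILE" "$code" || exit 1   # non-zero exit fails the PAM step
}

if [ "${1:-}" = "--pam" ]; then main; fi
```

The stored line can be generated with `hash_code` and written to a file with mode 600; the helper refuses to authenticate if that file is readable by group or others.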

This bit of code will allow Arduino to control a computer with login. It’s all done with shell and the expect command, so no need to preconfigure anything. Just have a script watch Arduino and if serial says to do something, do it.

@Andrew,
I think you’re just being pedantic here. Realistically, most people’s exposure to “sudo” is from Linux/Unix. While it might technically be available to all GNU derivatives, Linux is the one that jumps to mind.

Also, Mike uses Linux exclusively on his home computers. I had to ask him to set up a virtual Windows machine to do something for me once.

In short, if there’s a chance you’re going to ‘\rm -rf /’, don’t be on the sudo’er list, or limit the commands you can run through sudo. Whilst I admire the originality, if you need this to prevent you using sudo ‘willy-nilly’ then maybe a reconsideration of your role is required.

How about using the rest of the phone as an IP handset. Would also make a nice enclosure for the dial.

BTW for other Brits here, 700 series dials are pretty heavily sprung. I replaced the one in my 746 with one from a Trimphone slightly modded to fit the hole so it doesn’t slide about when you’re dialling one-handed.

This would be interesting for remote users. Have a red light start flashing to indicate a user has requested sudo access (with an LCD showing the user name of course). Only an admin with the “code” and physical can allow the request. Of course this assumes good security practices in the implementation……